Quick DHCP/Static IP Question

vistalavistavistalavista Member Posts: 78 ■■□□□□□□□□
Hey guys,

Just wondering if someone would be able to help me with a situation:

There's a specific ip address set as static ip address somewhere. It wasn't signed out by DHCP or reserved. I found through tracert the name of the device and I can ping it but have no idea what it is. At this point, I'm thinking it's a device we shouldn't have on our network (from the name). How can I block it (through DHCP or otherwise) from using that ip?



  • joelsfoodjoelsfood Member Posts: 1,027 ■■■■■■□□□□
    Disable the port that the nic is on. YOu can also put a static invalid arp entry on the gateway to keep the device from using your internet connection

    If you ahve the mac address, you can look up the first six digits to determine the manufacturer.
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Yeah, you should be able to find the MAC address and drop the port. Whoever has that device will soon complain when it doesn't work anymore :)
  • HeeroHeero Member Posts: 486
    Find the mac address through ARP tables, track down the switchport with the mac address. Turn off the switchport. Wait for someone to call you.
  • santaownssantaowns Member Posts: 366
    The above will work. Do keep in mind most users don't know how to make their ip static. It is an advanced user or possibly a server. Try to rdp to the device or putty to it. Also can try going to the ip in in any browser to see if it's hosting a site.
  • joelsfoodjoelsfood Member Posts: 1,027 ■■■■■■□□□□
    Identification from mac/IP:
    nbtstat -a (works on Windows servers)
    coffer.com/mac_find (gives you a clue to hardware manufacturer)
    nmap (can give you a clue to OS)
    http/https (can give you a clue to os/device) <- this one can be a bit tricky. If you're really persistent, you might need to use telnet to port 80 and a get, then page up. You can find things like networked door locks that use JSON/etc but don't present a regular browsable site
    telnet/ssh/ftp (banners can give you a clue)

    Cisco L2 traceroute to find port: If you know the mac, and want to find port across multipe switches, don't use traceroute per the docs. Instead, use it as such (example suspect mac 01:23:45:67:89:00)
    traceroute mac 01:23:45:67:89:00 01:23:45:67:89:00

    Standard method requires you to know vlan to ensure it works, and provide source in that vlan. Using the suspect mac as source and destination will tell you switch and port, even if you don't know what vlan it's on. Comes in really handy with networks with 200 or more switches
Sign In or Register to comment.